Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/9d5910-9f5e-446c-8d3c-bc007f2dac24/1/Sm4vF72XfXChkOCF-2Tpl6jiwpU.roa
File:                     Sm4vF72XfXChkOCF-2Tpl6jiwpU.roa (raw, json)
Hash identifier:          af0a4YYU1V85DRRZcQmVXX7jY85/Mt+zMF7QkoXOvWo=
Subject key identifier:   4A:6E:2F:17:BD:97:7D:70:A1:90:E0:85:FB:64:E9:97:A8:E2:C2:95
Certificate issuer:       /CN=6ba3186597742a926cd26504e1ed76f8543fdb26
Certificate serial:       0197CA55B00863355BE07EA18D6E4196927A
Authority key identifier: 6B:A3:18:65:97:74:2A:92:6C:D2:65:04:E1:ED:76:F8:54:3F:DB:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a6MYZZd0KpJs0mUE4e12-FQ_2yY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/9d5910-9f5e-446c-8d3c-bc007f2dac24/1/Sm4vF72XfXChkOCF-2Tpl6jiwpU.roa
Signing time:             Wed 02 Jul 2025 08:51:42 +0000
ROA not before:           Wed 02 Jul 2025 08:51:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212988
IP address blocks:        185.194.26.0/24 maxlen: 24
                          185.219.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/9d5910-9f5e-446c-8d3c-bc007f2dac24/1/a6MYZZd0KpJs0mUE4e12-FQ_2yY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/9d5910-9f5e-446c-8d3c-bc007f2dac24/1/a6MYZZd0KpJs0mUE4e12-FQ_2yY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a6MYZZd0KpJs0mUE4e12-FQ_2yY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 00:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ca:55:b0:08:63:35:5b:e0:7e:a1:8d:6e:41:96:92:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ba3186597742a926cd26504e1ed76f8543fdb26
        Validity
            Not Before: Jul  2 08:51:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4a6e2f17bd977d70a190e085fb64e997a8e2c295
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:4c:f6:26:19:66:6d:97:3e:25:7d:a1:4f:c1:
                    f0:e5:34:89:22:9c:60:f5:a3:e1:45:c0:00:4e:17:
                    8a:8f:12:4c:65:3e:b7:45:e2:58:c8:8e:8b:93:a2:
                    03:c1:87:5d:13:97:54:00:d8:b3:fc:cd:81:5a:b7:
                    22:f8:12:df:fc:b8:5c:aa:66:bc:46:6f:b4:9f:e3:
                    e1:e9:df:b1:ce:3e:a6:7d:2f:6f:b2:54:24:6f:b1:
                    ff:1a:dd:25:3e:6e:41:7a:ca:6d:34:f3:7d:af:e4:
                    ce:85:3d:8b:03:8a:d8:15:0f:f4:a8:30:f5:06:c5:
                    12:60:61:f1:d5:19:10:03:9b:1c:96:70:9d:31:91:
                    ad:54:bb:f9:f2:c9:b5:a6:ae:cf:07:fc:3a:b1:71:
                    76:ff:e2:57:f8:24:d4:67:58:6d:84:98:41:8c:38:
                    b7:25:72:93:ec:d3:8e:4c:cb:1c:87:b8:aa:5b:05:
                    30:b3:27:1b:24:d5:e0:1f:87:e1:c9:d6:e4:25:6b:
                    f0:08:d6:6a:6b:d4:94:05:e9:36:f3:19:6a:82:58:
                    85:71:bb:0f:fb:74:bd:e8:d3:5a:03:54:bd:66:48:
                    2e:2f:f0:37:ee:7f:74:c6:3a:91:3e:af:0a:cc:98:
                    12:e6:b7:26:49:3a:dc:3e:d6:d2:c8:f2:cb:02:75:
                    07:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:6E:2F:17:BD:97:7D:70:A1:90:E0:85:FB:64:E9:97:A8:E2:C2:95
            X509v3 Authority Key Identifier:
                keyid:6B:A3:18:65:97:74:2A:92:6C:D2:65:04:E1:ED:76:F8:54:3F:DB:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6MYZZd0KpJs0mUE4e12-FQ_2yY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/9d5910-9f5e-446c-8d3c-bc007f2dac24/1/Sm4vF72XfXChkOCF-2Tpl6jiwpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/9d5910-9f5e-446c-8d3c-bc007f2dac24/1/a6MYZZd0KpJs0mUE4e12-FQ_2yY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.26.0/24
                  185.219.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:e5:3c:bd:5c:7a:31:6d:0b:97:18:47:60:18:3b:5b:fe:af:
         72:a8:7f:27:b5:a2:af:a0:54:d2:df:ef:b8:ff:d0:45:70:bc:
         64:30:b0:a6:01:b6:cc:e5:84:ec:0b:81:02:41:60:46:c1:22:
         7d:93:48:31:55:33:48:05:18:cf:42:16:32:a3:78:12:ce:34:
         9f:65:b1:6f:cd:36:50:28:56:a1:78:5f:85:22:02:b5:f8:dd:
         43:57:42:cb:b5:4c:52:5a:92:92:33:37:e1:a1:5a:74:c2:6f:
         78:b9:35:36:ac:2c:80:ee:cf:2b:2e:4c:a3:dc:0b:ec:d4:a2:
         44:85:99:8c:df:3d:d8:fc:72:36:a4:5d:49:3a:bf:7a:7a:6f:
         1c:05:bb:f8:81:ea:14:19:39:b2:5b:3b:13:6f:69:e2:6d:cd:
         c4:9f:be:bd:bc:e0:6c:82:e6:38:18:e2:fa:bf:2c:f3:55:6c:
         d1:9c:5d:f2:8e:cf:67:7b:17:be:27:ff:6a:e2:07:66:1a:53:
         bd:85:3f:fc:ce:4f:63:3d:ec:2b:df:81:3c:ae:2e:39:c0:dc:
         c7:ac:85:9e:a3:38:7d:5b:03:3b:03:03:d4:42:f2:91:1b:2c:
         b2:82:9b:03:ab:5d:de:3c:2d:4a:10:c9:30:46:72:30:25:15:
         3d:23:7c:59
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZfKVbAIYzVb4H6hjW5BlpJ6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYTMxODY1OTc3NDJhOTI2Y2QyNjUwNGUxZWQ3NmY4NTQz
ZmRiMjYwHhcNMjUwNzAyMDg1MTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTZlMmYxN2JkOTc3ZDcwYTE5MGUwODVmYjY0ZTk5N2E4ZTJjMjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0z2JhlmbZc+JX2hT8Hw5TSJIpxg
9aPhRcAATheKjxJMZT63ReJYyI6Lk6IDwYddE5dUANiz/M2BWrci+BLf/Lhcqma8
Rm+0n+Ph6d+xzj6mfS9vslQkb7H/Gt0lPm5BesptNPN9r+TOhT2LA4rYFQ/0qDD1
BsUSYGHx1RkQA5sclnCdMZGtVLv58sm1pq7PB/w6sXF2/+JX+CTUZ1hthJhBjDi3
JXKT7NOOTMsch7iqWwUwsycbJNXgH4fhydbkJWvwCNZqa9SUBek28xlqgliFcbsP
+3S96NNaA1S9ZkguL/A37n90xjqRPq8KzJgS5rcmSTrcPtbSyPLLAnUHewIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEpuLxe9l31woZDghftk6Zeo4sKVMB8GA1UdIwQY
MBaAFGujGGWXdCqSbNJlBOHtdvhUP9smMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTZNWVpaZDBLcEpzMG1VRTRlMTItRlFfMnlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi85ZDU5MTAtOWY1ZS00NDZjLThkM2Mt
YmMwMDdmMmRhYzI0LzEvU200dkY3MlhmWENoa09DRi0yVHBsNmppd3BVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi85ZDU5MTAtOWY1ZS00NDZjLThkM2MtYmMwMDdmMmRhYzI0
LzEvYTZNWVpaZDBLcEpzMG1VRTRlMTItRlFfMnlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAucIaAwQA
udvaMA0GCSqGSIb3DQEBCwUAA4IBAQAM5Ty9XHoxbQuXGEdgGDtb/q9yqH8ntaKv
oFTS3++4/9BFcLxkMLCmAbbM5YTsC4ECQWBGwSJ9k0gxVTNIBRjPQhYyo3gSzjSf
ZbFvzTZQKFaheF+FIgK1+N1DV0LLtUxSWpKSMzfhoVp0wm94uTU2rCyA7s8rLkyj
3Avs1KJEhZmM3z3Y/HI2pF1JOr96em8cBbv4geoUGTmyWzsTb2nibc3En769vOBs
guY4GOL6vyzzVWzRnF3yjs9nexe+J/9q4gdmGlO9hT/8zk9jPewr34E8ri45wNzH
rIWeozh9WwM7AwPUQvKRGyyygpsDq13ePC1KEMkwRnIwJRU9I3xZ
-----END CERTIFICATE-----